(19) Europäisches Patentamt
     European Patent Office
     Office européen des brevets

(11) EP 0 851 358 A2

(12) EUROPEAN PATENT APPLICATION

(43) Date of publication: 01.07.1998 Bulletin 1998/27
(21) Application number: 97310176.9
(22) Date of filing: 16.12.1997
(51) Int. Cl.6: G06F 12/14
(84) Designated Contracting States: AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE
     Designated Extension States: AL LT LV MK RO SI
(30) Priority: 31.12.1996 US 777256
(71) Applicant: Sun Microsystems Inc., Palo Alto, California 94303-4900 (US)
(72) Inventor: Garnett, Paul Jeffrey, Merseyside, WA12 9PW (GB)
(74) Representative: Harris, Ian Richard et al, D. Young & Co., 21 New Fetter Lane, London EC4A 1DA (GB)

(54) Processing system security

(57) For controlling access to a system resource in 
a processing system, reprogrammable logic located 
between a bus and the resource is programmed in a first 
mode to permit access to the resource and is pro- 
grammed in a second mode to at least restrict access to 
said resource via the bus. The resource can be a critical 
area of storage holding or identifying critical operational 
parameters or critical operational software relating to 
the processing system. The reprogrammable logic is 
preferably implemented using a field programmable 
gate array. 

Description

This invention relates to computer system security, 
and in particular to the protection of a critical resource 
within a processing system. 

A computer system may be stopped from working 
by a software bug, or by a malicious act interfering with 
a critical system resource. The system resource can be 
a hardware resource, or can be software or data stored 
or otherwise retained within the computing system. 

An object of the invention is to improve the security 
of a system by preventing, or making more difficult, 
access to a critical resource. 

In accordance with a first aspect of the invention, 
there is provided a method of controlling access to a 
system resource in a processing system including a 
processing engine, said system resource and a bus, 
said method comprising steps of: in a first mode pro- 
gramming reprogrammable logic located between said 
bus and said resource to permit access by said 
processing engine via said bus to said resource; and in 
a second mode programming said reprogrammable 
logic to at least restrict access to said resource via said 
bus. 

By reprogramming the reprogrammable logic to 
restrict access to the critical resource, accidental or 
deliberate corruption of the critical resource can be pre- 
vented or at least made more difficult, thus improving 
overall system security and integrity. 

The resource can be a critical hardware compo- 
nent, although it will typically be an area of storage con- 
taining or identifying critical operational software or 
critical operational parameters of the system. The pro- 
gramming of the reprogrammable logic in the second 
mode can thus be used to block access selectively or 
totally to the storage area. 

The storage area can comprise test software and/or 
test parameters relating to the processing system. 

Preferably, the reprogrammable logic comprises a 
field programmable gate array. First programming infor- 
mation and second programming information can both 
be stored in memory in the processing system. Alterna- 
tively the first programming information is supplied 
externally to the processing system when required, and 
is not otherwise stored in the processing system. The 
latter alternative provides higher security and may be 
particularly useful for test purposes, whereby a test 
engineer could supply the first programming information 
in a test mode of operation. 

In accordance with a further aspect of the invention, 
there is provided a processing system (for example a 
computer system) comprising a processing engine (for 
example a microprocessor or microcontroller), a system 
resource, a bus and reprogrammable logic located 
between said bus and said resource, said reprogram- 
mable logic being programmable in a first mode to per- 
mit access by said processing engine via said bus to 
said resource and being programmable in a second
mode to at least restrict access to said resource via said
bus. 

Particular embodiments of the invention will be
described hereinafter with reference to the accompanying
drawings in which like reference signs relate to like
elements and in which:

Figure 1 is a schematic overview of a computing
system;
Figure 2 is a schematic overview of one implementation
of the present invention;
Figures 3-6 relate to further examples of implementations
of the present invention;
Figure 7 is a schematic diagram illustrating the
operation of the invention.

Figure 1 is a schematic overview of a computing
system 10. The computing system comprises a processor
20 connected via a bus 30 to a number of resources.
A display adaptor 22 enables a display 24 to be connected
to the bus 30. Similarly, a keyboard adaptor 26
allows a keyboard 28 to be connected to the bus 30. A
first memory M1 32 is connected directly to the bus 30.
A further memory M2 38 containing a critical software
resource 40 is connected to the bus 30 via reprogrammable
logic, for example a reprogrammable gate array
36.

A communications adaptor 42 enables an external
communications line 44 to be connected to the computer
bus 30.

It will be appreciated that Figure 1 is merely a schematic
overview of a computing system, and that an
alternative computing system could have a different
structure from that shown in Figure 1. In the example of
Figure 1, and also in the examples set out hereinafter,
the critical resource is assumed to be data, or software,
stored in the memory M2 38. However, in other embodiments
of the invention the critical resource could be a
hardware component which is, for example, reconfigurable.
An example of such a component could be a
clock signal generator having a selectable clock rate.
Alternatively, the hardware component could be a component
of a system which is used only during certain
modes of operation of the system. It may be desirable to
prevent access to the hardware component by the user
of the apparatus, permitting access only during a test or
repair mode under the control of a service engineer.

In a preferred embodiment of the invention, the
reprogrammable logic 36 is a reprogrammable gate
array, such as a field programmable gate array (FPGA).
In the following embodiments reference will be made to
an FPGA 36, although other implementations of the
device for restricting access to the resource may be provided.

Figure 7 illustrates an initial stage of operation of an
embodiment of the invention such as that described in
Figure 1. In particular, on initially booting the computing
system, initialisation code 50 is operable to carry out the
initialisation of the system. At a point in the initialisation
program, reference C1 is made to first code stored at
locations 52 in the memory M1 32. This information is
loaded from the memory 32 (which could, for example,
be a read only memory) into the FPGA 36 to initially
program the FPGA 36. The FPGA 36 is then responsive to
signals provided over the computer bus 30 to provide a 
first mode for enabling access by programming code P 
to the critical resource 40 in the memory M2 to perform 
the appropriate initialisation functions. After execution of 
the code P, a second reference C2 to information stored 
at 54 in the memory 32 is made. This second informa- 
tion 54 is then loaded into the FPGA 36 overwriting the 
original programming of the FPGA 36. This reprogram- 
ming of the FPGA 36 can then prevent, or restrict further 
access to the critical resource 40 in a second mode. 

Any one of many different models of commercially 
available reprogrammable logic can be employed as the
FPGA 36 in an embodiment of the invention. The pro- 
gramming of the FPGA 36 will depend on the particular 
reprogrammable FPGA used and should be in accord- 
ance with the technical design specification for the 
FPGA concerned, as will be apparent to one skilled in 
the art. 

Figure 2 is a schematic representation of one con- 
figuration of an FPGA 36 and a memory 38, the FPGA 
receiving an N bit bus, and being connected to the 
memory 38 by an M bit bus. 

Figure 3 represents one specific embodiment of the 
invention with an FPGA receiving a read/write line r/w 
and a chip select line at cs and supplying the chip select 
and read/write lines to the memory 38. In this embodi- 
ment, the FPGA can be initially programmed to pass 
read and write signals, as well as the chip select signals 
to the memory 38. With the second programming 
(reprogramming) the FPGA can be arranged to pass 
only read signals, thus preventing writing to the memory 
38. Alternatively, both read and write signals to the 
memory 38 could be prevented with the second pro- 
gramming. In either case system resource protection is 
provided either by preventing overwriting by the user or 
by completely blocking access to the memory 38. 

Figures 4 and 5 indicate that the FPGA 36 can pro- 
vide a translation between different sized buses. Thus, 
in Figure 4, a narrow bus B1 accesses the FPGA 36 but 
the FPGA 36 decodes the signals on the input bus B1 to 
provide individual decoded lines B2 for accessing the 
memory 38. 

In Figure 5, a wide bus B3 accesses the FPGA 36, 
which only passes selected bits B4 of the address to the 
memory 38. In an embodiment of the invention, the 
FPGA provides a different translation in the first and 
second programming modes. 

Figure 6 illustrates an arrangement where a bus B5 
is provided at the input side of the FPGA 36. At the out- 
put side of FPGA, address lines represented at B6 and 
further address lines represented at B6' are provided. In 
an embodiment of the invention the address lines B6
provide address signals with both the first and second
programming of the FPGA, whereas the address signals
on lines B6' are either blocked or altered with either
the first or second programming of the FPGA, whereby 
with the first programming, access to test software 44 
within the memory 38 can be permitted, whereas with 
the second programming, access to the test program- 
ming is prevented and access is instead permitted to 
user software 42. It would then be possible, during initial 
design and testing, or during subsequent use for diag- 
nostic purposes, for a test engineer to reprogram the 
FPGA with the original, first programming, and thereby 
permit access once more to the test software 44. 
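
The Figure 7 boot sequence, together with the gating of Figures 3 and 6, as a small software model in C. This is an added example and not part of the patent; the configuration layout, the 16-word memory, the single B6' line and the sample data are all assumptions made for illustration.

```c
/* Added illustration: a software model of the FPGA 36 gate. All names, sizes
 * and the configuration layout are assumptions; none come from the patent. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define M2_WORDS 16u   /* memory M2 38: words 0-7 protected, 8-15 user software */
#define B6P      0x8u  /* address line B6' selects the protected or user half */

typedef struct {       /* one "programming" of the reprogrammable logic */
    bool pass_cs;      /* forward chip select to M2 */
    bool pass_read;    /* forward read cycles */
    bool pass_write;   /* forward write cycles */
    bool force_b6p;    /* drive B6' from b6p_val instead of from the bus */
    bool b6p_val;
} fpga_cfg;

typedef struct {
    fpga_cfg cfg;      /* current programming; each load overwrites it */
    uint8_t  m2[M2_WORDS];
} gate;

typedef enum { BUS_OK, BUS_BLOCKED } bus_status;

/* First programming (information 52): everything passes. */
static const fpga_cfg CFG_FIRST = { true, true, true, false, false };
/* Second programming (information 54): reads only, B6' pinned to user half. */
static const fpga_cfg CFG_SECOND = { true, true, false, true, true };
/* Weaker second programming in the style of Figure 3 alone: writes blocked,
 * but the address passes unchanged, so protected words stay readable. */
static const fpga_cfg CFG_READ_ONLY = { true, true, false, false, false };

void fpga_program(gate *g, const fpga_cfg *c) { g->cfg = *c; }

/* Address as seen by M2 after the gate has passed or overridden B6'. */
static unsigned translate(const fpga_cfg *c, unsigned addr)
{
    addr &= M2_WORDS - 1u;
    if (c->force_b6p)
        addr = c->b6p_val ? (addr | B6P) : (addr & ~B6P);
    return addr;
}

bus_status bus_write(gate *g, unsigned addr, uint8_t value)
{
    if (!g->cfg.pass_cs || !g->cfg.pass_write)
        return BUS_BLOCKED;
    g->m2[translate(&g->cfg, addr)] = value;
    return BUS_OK;
}

bus_status bus_read(const gate *g, unsigned addr, uint8_t *out)
{
    if (!g->cfg.pass_cs || !g->cfg.pass_read)
        return BUS_BLOCKED;
    *out = g->m2[translate(&g->cfg, addr)];
    return BUS_OK;
}

/* Figure 7 sequence: C1 loads the first programming, code P initialises M2,
 * C2 overwrites the programming with the restrictive one. */
void boot(gate *g, const fpga_cfg *second)
{
    fpga_program(g, &CFG_FIRST);                 /* reference C1 */
    for (unsigned a = 0; a < M2_WORDS; a++)      /* code P (constructed data) */
        bus_write(g, a, (uint8_t)(((a & B6P) ? 0x50u : 0xC0u) + (a & 7u)));
    fpga_program(g, second);                     /* reference C2 */
}

/* Exhaustive check of a programming: count bus cycles (read or write, over
 * every bus address) that can still land in the protected half of M2. */
unsigned protected_paths(const fpga_cfg *c)
{
    unsigned n = 0;
    if (!c->pass_cs)
        return 0;
    for (unsigned a = 0; a < M2_WORDS; a++) {
        if (translate(c, a) & B6P)
            continue;                            /* lands in the user half */
        n += (c->pass_read ? 1u : 0u) + (c->pass_write ? 1u : 0u);
    }
    return n;
}

int main(void)
{
    gate g;
    uint8_t v = 0;
    boot(&g, &CFG_SECOND);
    printf("write after lock: %s\n",
           bus_write(&g, 2, 0xFF) == BUS_BLOCKED ? "blocked" : "passed");
    bus_read(&g, 2, &v);
    printf("read of address 2 returns 0x%02X\n", v);
    printf("paths left: first=%u read-only=%u second=%u\n",
           protected_paths(&CFG_FIRST), protected_paths(&CFG_READ_ONLY),
           protected_paths(&CFG_SECOND));
    return 0;
}
```

Enumerating every bus address against a candidate second programming, as `protected_paths` does, shows whether a programming only blocks writes or also removes the protected region from the address map.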

As illustrated schematically in Figure 1, the information
52, 54 is provided in the memory area 34 of memory 32.
However, it may be that the information relating
to the first programming of the FPGA may not be 
retained in the memory of the computer system 10 at 
all, but could instead be provided externally by a test 
engineer when testing of the system is required. In this 
way, it would not be possible for the user to seek out and 
possibly find the information required for programming 
the FPGA. 

To provide additional security, it would be possible 
to encrypt the data stored in the areas 52/54 to make it 
more difficult for a user to find the information necessary 
for programming the FPGA 36. 

An embodiment of the invention can provide secu- 
rity of operation in that accidental access to critical 
resources can be prevented during normal use. Also, an 
embodiment of the invention can make it significantly 
more difficult for the user to access the critical 
resources. 

Although particular embodiments of the inventions 
have been described, it will be appreciated that the 
invention is not limited thereto, and many modifications 
and/or additions may be made within the scope of the 
invention. 

Also, by way of further example, although in the 
embodiment described herein, the processing system is 
shown as a computer system, the processing system 
could be any apparatus or system having a computer- 
based, microprocessor-based or microcontroller-based 
control system. 

Claims 

1. A method of controlling access to a system 
resource in a processing system including a 
processing engine, said system resource and a 
bus, said method comprising steps of: 

in a first mode programming reprogrammable 
logic located between said bus and said 
resource to permit access by said processing 
engine via said bus to said resource; and 
in a second mode programming said repro- 
grammable logic to at least restrict access to 
said resource via said bus.

2. A method according to Claim 1, wherein said 
resource is a critical area of storage, said second 
programming of said reprogrammable logic block- 
ing access to said storage area. 

3. A method according to Claim 2, wherein said stor- 
age area comprises critical operational parameters 
relating to said processing system. 

4. A method according to Claim 2, wherein said stor- 
age area identifies or comprises critical operational 
software. 

5. A method according to Claim 2, wherein said stor- 
age area comprises test software and/or test 
parameters relating to said processing system. 

6. A method according to any preceding Claim, 
wherein said reprogrammable logic comprises a 
reprogrammable field programmable gate array. 

7. A method according to Claim 6, wherein first pro- 
gramming information and second programming 
information are stored in memory in said process- 
ing system. 

8. A method according to any preceding Claim, 
wherein said first programming information is sup- 
plied externally to said processing system when 
required, and is not otherwise stored in said 
processing system. 

9. A processing system comprising a processing 
engine, a system resource, a bus and reprogram- 
mable logic located between said bus and said 
resource, said reprogrammable logic being pro- 
grammable in a first mode to permit access by said 
processing engine via said bus to said resource 
and being programmable in a second mode to at 
least restrict access to said resource via said bus. 

10. A system according to Claim 9, wherein said critical
resource is an area of storage, said reprogramma- 
ble logic, when programmed in said second mode, 
blocking access to said storage area. 

11. A system according to Claim 10, wherein said stor- 
age area comprises critical operational parameters 
relating to said processing system. 

12. A system according to Claim 10, wherein said stor- 
age area identifies or comprises critical operational 
software. 

13. A system according to Claim 10, wherein said storage
area comprises test software and/or test
parameters relating to said processing system.

14. A system according to any one of Claims 9 to 13,
wherein said reprogrammable logic comprises a
reprogrammable field programmable gate array.

15. A system according to Claim 14, wherein first programming
information and second programming
information are stored in memory in said processing
system.

16. A system according to any one of Claims 9 to 15,
wherein said first programming information is supplied
externally to said processing system when
required, and is not otherwise stored in said
processing system.

EP 0 851 358 B1

Description

[0001] This invention relates to computer system se- 
curity, and in particular to the protection of a critical re- 
source within a processing system. 
[0002] A computer system may be stopped from 
working by a software bug, or by a malicious act inter- 
fering with a critical system resource. The system re- 
source can be a hardware resource, or can be software 
or data stored or otherwise retained within the comput- 
ing system. 

[0003] DE 2733531 A, US 5535409A and EP 660215 
A disclose prior art arrangements for controlling access 
to memory resources. 

[0004] An object of the invention is to improve the se- 
curity of a system by preventing, or making more diffi- 
cult, access to a critical resource. 
[0005] In accordance with a first aspect of the inven- 
tion, there is provided a method of controlling access to 
a system resource in a processing system including a 
processing engine, said system resource and a bus, 
said method comprising steps of: in a first mode pro- 
gramming reprogrammable logic located between said 
bus and said resource to permit access by said process- 
ing engine via said bus to said resource; and in a second 
mode programming said reprogrammable logic to at 
least restrict access to said resource via said bus. 
[0006] By reprogramming the reprogrammable logic 
to restrict access to the critical resource, accidental or 
deliberate corruption of the critical resource can be pre- 
vented or at least made more difficult, thus improving 
overall system security and integrity. 
[0007] The resource can be a critical hardware com- 
ponent, although it will typically be an area of storage 
containing or identifying critical operational software or 
critical operational parameters of the system. The pro- 
gramming of the reprogrammable logic in the second 
mode can thus be used to block access selectively or 
totally to the storage area. 

[0008] The storage area can comprise test software 
and/or test parameters relating to the processing sys- 
tem. 

[0009] Preferably, the reprogrammable logic compris- 
es a field programmable gate array. First programming 
information and second programming information can 
both be stored in memory in the processing system. Al- 
ternatively the first programming information is supplied 
externally to the processing system when required, and 
is not otherwise stored in the processing system. The 
latter alternative provides higher security and may be 
particularly useful for test purposes, whereby a test en- 
gineer could supply the first programming information in 
a test mode of operation. 

[0010] In accordance with a further aspect of the in- 
vention, there is provided a processing system (for ex- 
ample a computer system) comprising a processing en- 
gine (for example a microprocessor or microcontroller), 
a system resource, a bus and reprogrammable logic lo- 



cated between said bus and said resource, said repro- 
grammable logic being programmable in a first mode to 
permit access by said processing engine via said bus to 
said resource and being programmable in a second 
mode to at least restrict access to said resource via said 
bus. 

[0011] Particular embodiments of the invention will be
described hereinafter with reference to the accompany- 
ing drawings in which like reference signs relate to like 
elements and in which: 

Figure 1 is a schematic overview of a computing 
system; 

Figure 2 is a schematic overview of one implemen- 
tation of the present invention; 
Figures 3-6 relate to further examples of implemen- 
tations of the present invention; 
Figure 7 is a schematic diagram illustrating the op- 
eration of the invention. 

[0012] Figure 1 is a schematic overview of a computing
system 10. The computing system comprises a processor
20 connected via a bus 30 to a number of resources.
A display adaptor 22 enables a display 24 to be connected
to the bus 30. Similarly, a keyboard adaptor 26
allows a keyboard 28 to be connected to the bus 30. A
first memory M1 32 is connected directly to the bus 30.
A further memory M2 38 containing a critical software
resource 40 is connected to the bus 30 via reprogrammable
logic, for example a reprogrammable gate array
36.

[0013] A communications adaptor 42 enables an ex- 
ternal communications line 44 to be connected to the 
computer bus 30. 

[0014] It will be appreciated that Figure 1 is merely a 
schematic overview of a computing system, and that an 
alternative computing system could have a different 
structure from that shown in Figure 1. In the example of
Figure 1, and also in the examples set out hereinafter,
the critical resource is assumed to be data, or software, 
stored in the memory M2 38. However, in other embod- 
iments of the invention the critical resource could be a 
hardware component which is, for example, reconfig- 
urable. An example of such a component could be a 
clock signal generator having a selectable clock rate. 
Alternatively, the hardware component could be a com- 
ponent of a system which is used only during certain 
modes of operation of the system. It may be desirable 
to prevent access to the hardware component by the 
user of the apparatus, permitting access only during a 
test or repair mode under the control of a service engi- 
neer. 

[0015] In a preferred embodiment of the invention, the 
reprogrammable logic 36 is a reprogrammable gate ar- 
ray, such as a field programmable gate array (FPGA). 
In the following embodiments reference will be made to 
an FPGA 36, although other implementations of the device
for restricting access to the resource may be provided.

[0016] Figure 7 illustrates an initial stage of operation 
of an embodiment of the invention such as that described
in Figure 1. In particular, on initially booting the
computing system, initialisation code 50 is operable to
carry out the initialisation of the system. At a point in the
initialisation program, reference C1 is made to first code 
stored at locations 52 in the memory M1 32. This infor- 
mation is loaded from the memory 32 (which could, for 
example, be a read only memory) into the FPGA 36 to 
initially program the FPGA 36. The FPGA 36 is then re- 
sponsive to signals provided over the computer bus 30 
to provide a first mode for enabling access by program- 
ming code P to the critical resource 40 in the memory 
M2 to perform the appropriate initialisation functions. Af- 
ter execution of the code P, a second reference C2 to 
information stored at 54 in the memory 32 is made. This 
second information 54 is then loaded into the FPGA 36 
overwriting the original programming of the FPGA 36. 
This reprogramming of the FPGA 36 can then prevent, 
or restrict further access to the critical resource 40 in a 
second mode. 

[0017] Any one of many different models of commer- 
cially available reprogrammable logic can be employed 
as the FPGA 36 in an embodiment of the invention. The 
programming of the FPGA 36 will depend on the partic- 
ular reprogrammable FPGA used and should be in ac- 
cordance with the technical design specification for the 
FPGA concerned, as will be apparent to one skilled in 
the art. 

[0018] Figure 2 is a schematic representation of one 
configuration of an FPGA 36 and a memory 38, the FP- 
GA receiving an N bit bus, and being connected to the 
memory 38 by an M bit bus. 

[0019] Figure 3 represents one specific embodiment 
of the invention with an FPGA receiving a read/write line 
r/w and a chip select line at cs and supplying the chip 
select and read/write lines to the memory 38. In this em- 
bodiment, the FPGA can be initially programmed to 
pass read and write signals, as well as the chip select 
signals to the memory 38. With the second program- 
ming (reprogramming) the FPGA can be arranged to 
pass only read signals, thus preventing writing to the 
memory 38. Alternatively, both read and write signals to 
the memory 38 could be prevented with the second pro- 
gramming. In either case system resource protection is 
provided either by preventing overwriting by the user or 
by completely blocking access to the memory 38. 
[0020] Figures 4 and 5 indicate that the FPGA 36 can 
provide a translation between different sized buses. 
Thus, in Figure 4, a narrow bus B1 accesses the FPGA 
36 but the FPGA 36 decodes the signals on the input 
bus B1 to provide individual decoded lines B2 for ac- 
cessing the memory 38. 

[0021] In Figure 5, a wide bus B3 accesses the FPGA 
36, which only passes selected bits B4 of the address 
to the memory 38. In an embodiment of the invention, 
the FPGA provides a different translation in the first and 



second programming modes. 

[0022] Figure 6 illustrates an arrangement where a 
bus B5 is provided at the input side of the FPGA 36. At 
the output side of FPGA, address lines represented at 
B6 and further address lines represented at B6' are pro- 
vided. In an embodiment of the invention the address 
lines B6 provide address signals with both the first and 
second programming of the FPGA, whereas the address
signals on lines B6' are either blocked or altered
with either the first or second programming of the FPGA, 
whereby with the first programming, access to test soft- 
ware 44 within the memory 38 can be permitted, where- 
as with the second programming, access to the test pro- 
gramming is prevented and access is instead permitted 
to user software 42. It would then be possible, during 
initial design and testing, or during subsequent use for 
diagnostic purposes, for a test engineer to reprogram 
the FPGA with the original, first programming, and 
thereby permit access once more to the test software 
44. 

[0023] As illustrated schematically in Figure 1, the information
52, 54 is provided in the memory area 34 of
memory 32. However, it may be that the information re- 
lating to the first programming of the FPGA may not be 
retained in the memory of the computer system 10 at 
all, but could instead be provided externally by a test 
engineer when testing of the system is required. In this 
way, it would not be possible for the user to seek out 
and possibly find the information required for program- 
ming the FPGA. 

[0024] To provide additional security, it would be pos- 
sible to encrypt the data stored in the areas 52/54 to 
make it more difficult for a user to find the information 
necessary for programming the FPGA 36. 
[0025] An embodiment of the invention can provide 
security of operation in that accidental access to critical 
resources can be prevented during normal use. Also, 
an embodiment of the invention can make it significantly 
more difficult for the user to access the critical resourc- 
es. 

[0026] Although particular embodiments of the inven- 
tions have been described, it will be appreciated that the 
invention is not limited thereto, and many modifications 
and/or additions may be made within the scope of the 
invention as defined in the claims. 
[0027] Also, by way of further example, although in 
the embodiment described herein, the processing sys- 
tem is shown as a computer system, the processing sys- 
tem could be any apparatus or system having a compu- 
ter-based, microprocessor-based or microcontroller- 
based control system. 



Claims 

1. A method of controlling access to a system resource
(40) in a processing system (10) including a
processing engine (20), said system resource and
a bus (30), said method comprising steps of:

in a first mode programming reprogrammable 
logic (36) located between said bus and said 
resource to permit access by said processing 
engine via said bus to said resource; and 
in a second mode programming said repro- 
grammable logic to at least restrict access to 
said resource via said bus. 

2. A method according to Claim 1, wherein said resource
is a critical area of storage, said second programming
of said reprogrammable logic blocking
access to said storage area.

3. A method according to Claim 2, wherein said stor- 
age area comprises critical operational parameters 
relating to said processing system. 

4. A method according to Claim 2, wherein said stor- 
age area identifies or comprises critical operational 
software. 

5. A method according to Claim 2, wherein said stor- 
age area comprises test software and/or test pa- 
rameters relating to said processing system. 

6. A method according to any preceding Claim, where- 
in said reprogrammable logic comprises a repro- 
grammable field programmable gate array. 

7. A method according to Claim 6, wherein first pro- 
gramming information and second programming in- 
formation are stored in memory in said processing 
system. 

8. A method according to any preceding Claim, where- 
in said first programming information is supplied ex- 
ternally to said processing system when required, 
and is not otherwise stored in said processing sys- 
tem. 

9. A processing system (10) comprising a processing
engine (20), system resource (40), a bus (30) and 
reprogrammable logic (36) located between said 
bus and said resource, said reprogrammable logic 
being programmable in a first mode to permit ac- 
cess by said processing engine via said bus to said 
resource and being programmable in a second 
mode to at least restrict access to said resource via 
said bus. 

10. A system according to Claim 9, wherein said critical 
resource is an area of storage (38), said reprogram- 
mable logic, when programmed in said second 
mode, blocking access to said storage area. 

11. A system according to Claim 10, wherein said storage
area comprises critical operational parameters
relating to said processing system.

12. A system according to Claim 10, wherein said storage
area identifies or comprises critical operational
software.

13. A system according to Claim 10, wherein said storage
area comprises test software and/or test parameters
relating to said processing system.

14. A system according to any one of Claims 9 to 13,
wherein said reprogrammable logic comprises a
reprogrammable field programmable gate array.

15. A system according to Claim 14, wherein first programming
information and second programming information
are stored in memory in said processing
system.

16. A system according to any one of Claims 9 to 15,
wherein said first programming information is supplied
externally to said processing system when required,
and is not otherwise stored in said processing
system.



Patent claims (German-language text)

1. A method of controlling access to a system resource (40) in a processing system (10) which comprises a processing engine (20), the system resource and a bus (30), the method comprising the steps of:

in a first mode, programming reprogrammable logic (36) located between the bus and the resource to permit access by the processing engine to the resource via the bus; and

in a second mode, programming the reprogrammable logic to at least restrict access to the resource via the bus.

2. A method according to Claim 1, wherein the resource is a critical area of storage, and wherein the second programming of the reprogrammable logic blocks access to that storage area.

3. A method according to Claim 2, wherein the storage area comprises critical operational parameters relating to the processing system.

4. A method according to Claim 2, wherein the storage area identifies or comprises critical operational software.

5. A method according to Claim 2, wherein the storage area comprises test software and/or test parameters relating to the processing system.

6. A method according to any one of the preceding claims, wherein the reprogrammable logic comprises a reprogrammable field programmable gate array.

7. A method according to Claim 6, wherein the first programming information and the second programming information are stored in the memory in the processing system.

8. A method according to any one of the preceding claims, wherein the first programming information is supplied externally to the processing system when required, and is otherwise not stored in the processing system.

9. A processing system (10) comprising a processing engine (20), a system resource (40), a bus (30) and reprogrammable logic (36) located between the bus and the resource, wherein the reprogrammable logic is programmable in a first mode to permit access by the processing engine to the resource via the bus, and is programmable in a second mode to at least restrict access to the resource via the bus.

10. A system according to Claim 9, wherein the critical resource is an area of storage (38), and wherein the reprogrammable logic, when programmed in the second mode, blocks access to the storage area.

11. A system according to Claim 10, wherein the storage area comprises critical operational parameters relating to the processing system.

12. A system according to Claim 10, wherein the storage area identifies or comprises critical operational software.

13. A system according to Claim 10, wherein the storage area comprises test software and/or test parameters relating to the processing system.

14. A system according to any one of Claims 9 to 13, wherein the reprogrammable logic comprises a reprogrammable field programmable gate array.

15. A system according to Claim 14, wherein first programming information and second programming information are stored in the memory in the processing system.

16. A system according to any one of Claims 9 to 15, wherein the first programming information is supplied externally to the processing system when required, and is otherwise not stored in the processing system.



Claims (French-language text)

1. A method for controlling access to a system resource (40) in a processing system (10) including a processing engine (20), the system resource and a bus (30), the method comprising the following steps:

in a first mode, reprogrammable logic (36) placed between the bus and the resource is programmed to permit access to the resource by the processing engine via the bus; and

in a second mode, the reprogrammable logic is programmed to at least restrict access to the resource via the bus.

2. A method according to Claim 1, wherein the resource is a critical area of storage, the second programming of the reprogrammable logic blocking access to that storage area.

3. A method according to Claim 2, wherein the storage area contains critical operational parameters relating to the processing system.

4. A method according to Claim 2, wherein the storage area identifies or contains critical operational software.

5. A method according to Claim 2, wherein the storage area contains test software and/or test parameters relating to the processing system.

6. A method according to any one of the preceding claims, wherein the reprogrammable logic comprises a reprogrammable field programmable gate array.

7. A method according to Claim 6, wherein the first programming information and the second programming information are stored in memory in the processing system.

8. A method according to any one of the preceding claims, wherein the first programming information is supplied to the processing system from outside when necessary, and is not otherwise stored in the processing system.

9. A processing system (10) comprising a processing engine (20), a system resource (40), a bus (30) and reprogrammable logic (36) placed between the bus and the resource, the reprogrammable logic being programmable in a first mode to permit access to the resource by the processing engine via the bus, and being programmable in a second mode to at least restrict access to the resource via the bus.

10. A system according to Claim 9, wherein the critical resource is an area of storage (38), and when the reprogrammable logic is programmed in the second mode, it blocks access to that storage area.

11. A system according to Claim 10, wherein the storage area contains critical operational parameters relating to the processing system.

12. A system according to Claim 10, wherein the storage area identifies or contains critical operational software.

13. A system according to Claim 10, wherein the storage area contains test software and/or test parameters relating to the processing system.

14. A system according to any one of Claims 9 to 13, wherein the reprogrammable logic comprises a reprogrammable field programmable gate array.

15. A system according to Claim 14, wherein first programming information and second programming information are stored in memory in the processing system.

16. A system according to any one of Claims 9 to 15, wherein the first programming information is supplied to the processing system from outside when necessary, and is not otherwise stored in the processing system.